Xadia

Security & Compliance

How Xadia protects your data and maintains HIPAA compliance

HIPAA Compliant Platform

Xadia is designed and operated to comply with the U.S. Health Insurance Portability and Accountability Act (HIPAA). We implement comprehensive administrative, physical, and technical safeguards to protect Protected Health Information (PHI).

  • HIPAA Compliant
  • BAA Available
  • SOC 2 Type II Data Centers

Our Security Measures

We implement multiple layers of security to protect your data and your patients' information.

Technical Safeguards

  • AES-256 encryption at rest
  • TLS 1.3 encryption in transit
  • Multi-factor authentication (MFA)
  • Role-based access controls (RBAC)
  • Automatic session timeouts

Physical Safeguards

  • SOC 2 Type II certified data centers
  • Geographic data redundancy
  • 24/7 security monitoring
  • Controlled facility access
  • Environmental controls

Administrative Safeguards

  • Employee security training
  • Access audit logging
  • Incident response procedures
  • Business continuity planning
  • Regular security assessments

Key Security Features

Strong Authentication

HIPAA-compliant password requirements (12+ characters with complexity) and optional multi-factor authentication for enhanced security.

Audit Logging

Comprehensive logging of all access to PHI, including who accessed what data and when, to meet HIPAA audit requirements.

Session Management

Automatic session timeouts after periods of inactivity and secure session handling to prevent unauthorized access.

Access Controls

Role-based access controls ensure users only access the data they need. Clinic owners can manage team member permissions.

Data Protection

Patient photographs are encrypted at rest and in transit. Data is never used for AI training or shared with third parties.

Breach Notification

In the unlikely event of a data breach, we follow HIPAA breach notification requirements to notify affected parties within 60 days.

How We Handle Your Data

Patient Photos Are Encrypted

All patient photographs are encrypted using AES-256 encryption at rest and TLS 1.3 in transit.

Never Used for AI Training

Your patient data is NEVER used to train AI models. It is processed solely to provide the smile simulation service.

Multi-Factor Authentication

Protect your account with MFA via email codes or authenticator apps for an additional layer of security.

Secure Deletion

When you delete data or close your account, PHI is securely deleted from our systems within 30 days.

International Users

Xadia's compliance framework is based on U.S. HIPAA requirements. If you are accessing this service from outside the United States, you are responsible for ensuring your use complies with the local, regional, and national data protection laws that apply to you, such as GDPR (European Union), PIPEDA (Canada), and LGPD (Brazil).

By using Xadia, you acknowledge that you have reviewed and understand your jurisdiction's requirements regarding healthcare data privacy.

Security Questions?

If you have questions about our security practices or need to report a security concern, please contact our security team.

security@xadia.us
